Built by experts in app, infrastructure, and offensive security

The Truffle Security Co. was founded by career security experts. Security is our passion and our primary concern, and all features are developed with best practices in mind.

We develop secret scanning software while adhering to these best practices:

Single sign-on

Authenticate users with secure SAML 2.0 or OAuth 2.0 workflows so you never have to worry about username and password breaches.

Isolated environments

Each customer’s installation of TruffleHog is hosted in its own private environment with an isolated database instance, which is encrypted at rest.

Randomly generated credentials

Every deployment of TruffleHog receives randomly generated and securely stored infrastructure credentials.

No 3rd-party communication

The details of your findings are never sent to third parties.

In-memory scanning

Scanning for secrets occurs in memory so that the scanned data is never persisted to storage.

Automatic deployments and updates

Deployments and updates are automatic and behind the scenes, so you’re always using the latest and greatest.

On-prem or cloud

You can run from our secure and isolated servers, or run your own. With our on-premise scanners, you can scan sources on your internal network, scan in-region to reduce bandwidth costs, and ensure your source credentials never leave your infrastructure with a local configuration.

And most importantly,

We never store your secrets.

Honestly, it'd be easier if we did—but easier doesn't make it right. The decision to never store your secrets is fundamental to the design of TruffleHog. We only store metadata about where a secret is found and redacted information about the credential.